All About Security

Your worries of someone reading your entries are over.

Learn about how Penzu keeps your entries safe.

Privacy First

Private By Default: Penzu is unlike other services, especially blogs, in that your entries are private by default. This is true for writing on a pad of paper or in a paper-bound journal–your work is private unless you decide to share it.

Locking: Taking that concept one step further, Penzu allows you to individually password protect each entry. Since your Penzu account is already password protected, entry locking acts as a second safeguard.

Go Pro: In order to ensure your entries are secure, sign up for Penzu Pro. Benefit from military-grade encryption and an unparalleled distributed security process.

Military-Grade

Ultimate Privacy: By signing up for a Pro account, not only can you lock individual entries, you can choose to encrypt them. The encryption is military-grade, and so secure that if you forget your password, the entry can never be unlocked. That's right, even we cannot unlock encrypted entries for you. If you think you might forget your password, use a hint that will help you remember.

Ironclad: We use the same encryption algorithm used by the US Government, 256-bit AES encryption. A brute force attack–checking a billion billion keys per second–on an encrypted entry would take sexdecillions of years (3 x 10^51) to crack. How many years is that? To give you an example, the earth is 4.55 x 10^9 years old…

1. You decide you want to lock an entry and click on the Lock button on the toolbar. You enter a password (which is easy to remember but difficult for anyone else to guess), a hint, and Encryption Lock the entry.

2. Your password and entry are sent over a secure HTTPS connection to our servers.

3. The server generates a random password used in the encryption process that might look like this:

4. A KEY is created by combining this random password with your entry password.

5. This KEY is then used to encrypt the entry. The components of the key (the entry password and random password) are encrypted as well and stored in a separate and secure location on our servers.

6. All plaintext info is discarded from memory and irretrievable.

Distributed Security

Not Just Encryption: When you lock an entry using encryption, we go to extra lengths to protect and store your password and encryption key. Each time you lock an entry, we combine your password with a random password to create a unique "key". This key is what is required to encrypt and decrypt your entry.

Encrypted Encryption: On top of encrypting your entry, we also encrypt the key. Your original password (which we encrypt using one-way encryption), and the random password (which we also encrypt) are also stored in separate places, each behind another layer of security.
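Steps 3 and 4 and the one-way password storage described above, sketched as an added example (not Penzu's code). The page does not say how the two passwords are combined or hashed; PBKDF2-HMAC-SHA256, the iteration count and all function names here are assumptions, and the AES step and the private-key wrapping of the random password are left out.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor; the page gives none


def _kdf(secret, salt):
    """Stretch a secret into 32 bytes (a 256-bit value) with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS, dklen=32)


def lock_entry(entry_password):
    """Return (key, record). The key is used once and discarded (step 6);
    only the record is stored, and it never contains the plaintext password."""
    pw = entry_password.encode("utf-8")
    random_password = secrets.token_bytes(32)      # step 3: server-side random value
    key = _kdf(pw, b"key" + random_password)       # step 4: combine both into the KEY
    verifier_salt = secrets.token_bytes(16)
    record = {
        # The page stores this value encrypted under a private key held on
        # a separate server; that wrapping is omitted in this sketch.
        "random_password": random_password,
        "verifier_salt": verifier_salt,
        # One-way form of the entry password, used only to check a guess.
        "verifier": _kdf(pw, b"verify" + verifier_salt),
    }
    return key, record


def unlock_key(entry_password, record):
    """Re-derive the KEY from a supplied password, or return None if it is wrong."""
    pw = entry_password.encode("utf-8")
    candidate = _kdf(pw, b"verify" + record["verifier_salt"])
    if not hmac.compare_digest(candidate, record["verifier"]):
        return None                                # wrong or forgotten password
    return _kdf(pw, b"key" + record["random_password"])


if __name__ == "__main__":
    key, record = lock_entry("constructed sample password")
    print("right password:", unlock_key("constructed sample password", record) == key)
    print("wrong password:", unlock_key("some other guess", record))
```

Because the key is re-derived rather than stored, a forgotten entry password leaves nothing on the server that can rebuild it. Anyone who obtains the stored record together with the unwrapped random password only has to guess the entry password, so its strength and the work factor bound the protection, not the 256-bit key length.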

Protected by SSL

More For Everyone: Both Free and Pro account sessions are protected using the same technology used by online banking sites, 256-bit SSL. The industry-standard method for protecting web communications, SSL (or HTTPS) provides data encryption, server authentication, message integrity, and optional client authentication for a TCP/IP connection.

Always On: This means that from the moment you log in to your Penzu account, your work is protected as you type. Most online transactions, including all online banking, are done using SSL.

There are three pieces needed to decrypt the entry (user password, random data, our private key). The user password is only known to the user and encrypted using ONE-WAY ENCRYPTION. The random password is also encrypted and stored in our DB, and our private key (needed to decrypt the random data) is stored on a separate server. Each server is highly protected as well, requiring multiple passwords for access.

Because the contents of each entry become encrypted, the content is no longer searchable. Making an encrypted entry searchable is only possible if that entry is decrypted, which would make it vulnerable to attacks during searches.